This page will briefly outline our PII processes.
By default, Zenlogin does not store any PII. When you make a request to our API which includes any PII (eg. email address, first name, etc), this data is only used to fulfill the request. For example, if we believe the login is suspicious, we'll use the data you pass to send off an email to the recipient.
Immediately after, this data is deleted from memory. Additionally, we don't store any PII in our logs.
In the case that an API call results in an email being sent to one of your users, a copy of the data may be available through our partner, Postmark.
We use Postmark to fulfill the email notification, and for compliance reasons, a copy of those emails are stored with them. Emails are deleted after 45-days.